If history has taught us anything, Arthur muses, it is that new technologies become outdated quickly because the threat landscape changes continuously. When threats began to emerge in the 90s, many businesses installed anti-virus protection. These products could fight a relatively small number of known viruses, but malware authors soon created trojan horses and worms, and with the explosion of the Dark Web and cryptocurrency, cybercriminals were able to share and sell tools and tactics without being traced.
According to the AV-TEST Institute, over 350,000 new malicious programs are created every day. No wonder that traditional antivirus products missed an average of 60 percent of attacks in recent years.
Making AI Accessible to Everyone
To meet these challenges, enterprises needed better solutions. When AI technology became available, it did not take long for innovative new products to replace the legacy tools based on signature detection.
These new EPP (Endpoint Protection Platform) tools provided some relief to the enterprise, but malware groups quickly discovered that EPP products were utterly blind to memory-based malware, lateral movement, and fileless malware attacks.
To fill this gap, EDR (Endpoint Detection and Response) was born, enabling the enterprise to see what was happening on the corporate network. EDR, as it stands today, provides visibility, but requires skilled personnel that can take the vast amounts of data it generates, contextualize it, and then use it to mitigate the cyber threat. Greater demand for talented cyber analysts has created a massive labor shortage in the security industry – especially in our region. At the same time, cloud-based solutions suffer the problem of increased dwell time – the delay between infection and detection. Solving these problems is where ActiveEDR comes into play.
What is ActiveEDR?
With so many activities happening on every device, sending all this information to the cloud for analysis might offer visibility, but it is still far from solving the main problem: the flood of alerts facing understaffed security teams. What if you could put the equivalent of a skilled SOC analyst on each of your devices? An agent that can contextualize all the device’s activities and identify and mitigate threat attempts in real time?
ActiveEDR does not rely on cloud connectivity to make a detection, which effectively reduces dwell time to run time. The agent uses AI to make a decision locally, without depending on cloud connectivity. ActiveEDR constantly builds stories of what is happening on the endpoint. Once it detects harm, it can mitigate not only the malicious files and operations but the entire ‘storyline’.
Consider this typical scenario
A user opens a tab in Google Chrome and downloads a file he believes to be safe. He then executes the file. The program is malicious: it launches PowerShell to delete the local backups and then starts encrypting all data on the disk. ActiveEDR knows the full story, so it mitigates the attack at run time, before encryption begins. When the story is mitigated, every element in that story is taken care of, all the way back to the Chrome tab the user opened. It works by giving each element in the story the same TrueContext ID. These stories are then sent to the management console, giving security analysts and IT administrators visibility and easy threat hunting.
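The storyline idea in the scenario above is easier to see in code. The following is an added example, not SentinelOne's code or an implementation of TrueContext: it takes a constructed stream of endpoint events (the Chrome tab, the download, the double-clicked file, the PowerShell child, plus one unrelated process), gives every event that descends from the same origin one story id, and flags the whole story the moment a single behavioural rule fires, so that the mitigation plan covers the chain back to the browser tab. The event vocabulary, the launcher pid, the paths and the single regex rule are all assumptions made for the example; the one extra step beyond the text is linking a process back to the download that produced its executable, which is needed because a double-clicked download is launched by the desktop shell rather than by the browser.

```python
import itertools
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Event:
    seq: int       # order of observation on the endpoint
    kind: str      # "process" or "download" (constructed vocabulary)
    pid: int
    ppid: int
    image: str     # executable path for processes, saved path for downloads
    cmdline: str = ""


# Constructed: pid 100 plays the desktop shell that launches whatever the user double-clicks.
LAUNCHER_PIDS: Set[int] = {100}

# A single behavioural rule stands in for the agent's model: PowerShell being told to
# remove volume shadow copies, i.e. the "delete the local backups" step in the scenario.
BACKUP_DELETION = re.compile(r"delete\s+shadows", re.IGNORECASE)

# Constructed telemetry mirroring the page's scenario, plus one unrelated process (notepad).
SAMPLE_EVENTS: List[Event] = [
    Event(1, "process", 100, 1, r"C:\Windows\explorer.exe"),
    Event(2, "process", 200, 100, r"C:\Program Files\Google\Chrome\chrome.exe", "chrome.exe --new-tab"),
    Event(3, "download", 200, 100, r"C:\Users\alice\Downloads\invoice.exe"),
    Event(4, "process", 300, 100, r"C:\Users\alice\Downloads\invoice.exe", "invoice.exe"),
    Event(5, "process", 400, 300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell.exe -c vssadmin delete shadows /all /quiet"),
    Event(6, "process", 500, 100, r"C:\Windows\notepad.exe", "notepad.exe"),
]


class StorylineTracker:
    """Groups endpoint events into stories, the role a TrueContext-style id plays on the page."""

    def __init__(self) -> None:
        self._ids = itertools.count(1)
        self.story_of_pid: Dict[int, str] = {}
        self.story_of_path: Dict[str, str] = {}          # downloaded file -> story it came from
        self.events_by_story: Dict[str, List[Event]] = {}
        self.flagged: Set[str] = set()

    def _new_story(self) -> str:
        return f"story-{next(self._ids)}"

    def observe(self, ev: Event) -> str:
        """Assign the event to a story (new or inherited) and return the story id."""
        key = ev.image.lower()
        if ev.kind == "download":
            # A download belongs to the story of the process that saved it; the saved
            # path is remembered so a later execution of that file ties back here.
            story = self.story_of_pid.get(ev.pid) or self._new_story()
            self.story_of_pid.setdefault(ev.pid, story)
            self.story_of_path[key] = story
        else:
            if ev.ppid in self.story_of_pid and ev.ppid not in LAUNCHER_PIDS:
                story = self.story_of_pid[ev.ppid]     # child inherits its parent's story
            elif key in self.story_of_path:
                story = self.story_of_path[key]        # started by the shell, but it is a file we saw downloaded
            else:
                story = self._new_story()              # nothing links it: a fresh story
            self.story_of_pid[ev.pid] = story
            if BACKUP_DELETION.search(ev.cmdline):
                self.flagged.add(story)                # one harmful act condemns the whole story
        self.events_by_story.setdefault(story, []).append(ev)
        return story

    def mitigation_plan(self, story: str) -> List[Event]:
        """Everything that would be remediated for a flagged story, oldest event first."""
        return sorted(self.events_by_story.get(story, []), key=lambda e: e.seq)


def run_sample() -> StorylineTracker:
    tracker = StorylineTracker()
    for ev in SAMPLE_EVENTS:
        tracker.observe(ev)
    return tracker


if __name__ == "__main__":
    t = run_sample()
    for story in sorted(t.flagged):
        print(f"{story} flagged; remediate:")
        for ev in t.mitigation_plan(story):
            print(f"  #{ev.seq} {ev.kind:8} pid={ev.pid} {ev.image}")
```

Running it prints one flagged story whose plan lists the Chrome process, the download, the executed file and the PowerShell child, while notepad (also launched by the shell) stays in its own story. The design point is that grouping happens before any verdict exists, so when the rule fires there is nothing to reconstruct after the fact; that is what lets a local agent act at run time instead of waiting on a cloud query.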
ActiveEDR allows you to:
- Track Everything
- Contextualize and Identify Evil in Real Time
- Respond & Rollback
- Threat Hunt with “TrueContext” technology
A New Experience for the Security Analyst
ActiveEDR reduces the cost and time required to bring value to the complicated and overwhelming amount of data provided by passive EDR tools. The autonomous AI-powered agent functions like a SOC analyst on each and every endpoint, transforming massive amounts of data into stories and raising high-quality, prioritized alerts when threat behavior is observed. At machine speed, ActiveEDR is able to prevent, detect, and respond to advanced attacks regardless of delivery vectors, whether the endpoint is connected to the cloud or not.
“Operationalizing EDR technologies has historically been challenging,” said Alex Burinskiy, Lead Security Engineer, Cengage, an education and technology company. “ActiveEDR provides our entire security team — regardless of skill level — with the context to not only understand what was found, but autonomously block attacks faster than any other solution on the market.”
“As threats evolve, it is no longer enough to provide passive EDR solutions that only notify of a potential threat,” said Tomer Weingarten, CEO and Co-Founder, SentinelOne. “Analysts are drowning in data, and simply aren’t able to keep up with sophisticated attack vectors such as ransomware, exploits and other fileless evils until it’s too late. ActiveEDR allows security teams, regardless of skill level, to easily identify malware and attackers lurking in a network, cutting the time to detect, contain, eradicate, and recover in real time.”
The technology known as “TrueContext” transforms the EDR to be Active, as it responds in real time, turning dwell time into no time. ActiveEDR empowers security teams and IT admins to focus on the alerts that matter, reducing the time and cost of bringing context to the complicated and overwhelming amount of data needed with other, passive EDR solutions.
The introduction of ActiveEDR is similar to other technologies that helped humans to be more efficient and save time and money. Like the car replaced the horse and the autonomous vehicle will replace vehicles as we know them today, ActiveEDR is transforming the way enterprises understand endpoint security.
SentinelOne, founded in 2013 and headquartered in Mountain View, California, is a cybersecurity software company. SentinelOne Singularity is one platform to prevent, detect, respond, and hunt in the context of all enterprise assets.
Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart. www.sentinelone.com